@. Recover and . Sk-alice, To authenticate and recover an encrypted session key K sent by Bob, Alice does the following: 1. (K S ) ? Decrypt SK Alice (C) 2. b ? Verify Bob S = Sign SK Bob

A. Agrawal, D. Boneh, and X. Boyen, Efficient Lattice (H)IBE in the Standard Model, Gilbert [Gil10], pp.553-572
DOI : 10.1007/978-3-642-13190-5_28

A. Agrawal, D. Boneh, and X. Boyen, Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE, Rabin [Rab10], pp.98-115
DOI : 10.1007/978-3-642-14623-7_6

C. Aguilar-melchor, X. Boyen, J. Deneuville, and P. Gaborit, Sealing the leak on classical NTRU signatures, Cryptology ePrint Archive, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01316689

L. Ali-can-atici, J. Batina, I. Fan, S. Verbauwhede, and . Berna-Örs, Lowcost implementations of NTRU for pervasive security, 19th IEEE International Conference on Application-Specific Systems, Architectures and Processors, pp.79-84, 2008.

J. [. Aguilar, L. Barrier, M. O. Fousse, and . Killijian, Xpire : Private information retrieval for everyone

A. Allievi, E. Carter, and E. Tacheau, Threat spotlight: Teslacrypt ? decrypt it yourself, 2015.

M. Abdalla, A. D. Caro, and K. Mochetti, Lattice-Based Hierarchical Inner Product Encryption, Hevia and Neven [HN12], pp.121-138
DOI : 10.1007/978-3-642-33481-8_7

URL : https://hal.archives-ouvertes.fr/hal-00915812

Y. Jee-hea-an, T. Dodis, and . Rabin, On the security of joint signature and encryption, Knudsen [Knu02], pp.83-107

[. Aggarwal, D. Dadush, O. Regev, and N. Stephens-davidowitz, Solving the shortest vector problem in 2 n time using discrete gaussian sampling: Extended abstract, Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, pp.733-742, 2015.

[. Aggarwal, D. Dadush, and N. Stephens-davidowitz, Solving the closest vector problem in $2?n$ time -the discrete gaussian strikes again! CoRR, pp.3-28

[. Agrawal, D. M. Freeman, and V. Vaikuntanathan, Functional Encryption for Inner Product Predicates from Learning with Errors, pp.21-40
DOI : 10.1007/978-3-642-25385-0_2

S. Arora and R. Ge, New Algorithms for Learning in Presence of Errors, ICALP 2011, Part I, pp.403-415, 2011.
DOI : 10.1145/1568318.1568324

M. Ajtai, Generating hard instances of lattice problems (extended abstract), Proceedings of the twenty-eighth annual ACM symposium on Theory of computing , STOC '96, pp.99-108, 1996.
DOI : 10.1145/237814.237838

J. Alwen and C. Peikert, Generating shorter bases for hard random lattices. Cryptology ePrint Archive, Report, vol.521521, pp.121-123, 2008.
URL : https://hal.archives-ouvertes.fr/inria-00359718

J. Alwen and C. Peikert, Generating Shorter Bases for Hard Random Lattices, Theory of Computing Systems, vol.26, issue.5, pp.535-553, 2011.
DOI : 10.1137/S0097539795293172

URL : https://hal.archives-ouvertes.fr/inria-00359718

M. R. Albrecht, R. Player, and S. Scott, On the concrete hardness of learning with errors. Cryptology ePrint Archive, 2015.

A. Walter-edwin, The principle of minimized iterations in the solution of the matrix eigenvalue problem, Quarterly of Applied Mathematics, vol.9, issue.12, pp.17-29, 1951.

]. D. Arsg-+-13, C. Andriesse, B. Rossow, D. Stone-gross, H. Plohmann et al., Highly resilient peer-topeer botnets are here: An analysis of gameover zeusThe Americas, Malicious and Unwanted SoftwareMALWARE), 2013 8th International Conference on, pp.116-123, 2013.

L. Babai, On lova´sz' lattice reduction and the nearest lattice point problem, Proceedings on STACS 85 2Nd Annual Symposium on Theoretical Aspects of Computer Science, pp.13-20, 1985.

L. Babai, On Lov??sz??? lattice reduction and the nearest lattice point problem, Combinatorica, vol.357, issue.1, pp.1-13, 1986.
DOI : 10.1016/B978-0-12-566780-7.50016-7

[. Boneh, X. Boyen, and H. Shacham, Short Group Signatures, LNCS, vol.3152, pp.41-55, 2004.
DOI : 10.1007/978-3-540-28628-8_3

V. Daniel, D. Bailey, A. J. Coffin, J. H. Elbirt, A. D. Silverman et al., NTRU in constrained devices, CHES 2001, pp.262-272, 2001.

J. Buchmann, D. Cabarcas, F. Göpfert, A. Hülsing, and P. Weiden, Discrete Ziggurat: A Time-Memory Trade-Off for Sampling from a Gaussian Distribution over the Integers, Lange et al. [LLL14], pp.402-417
DOI : 10.1007/978-3-662-43414-7_20

W. Joppe, C. Bos, M. Costello, D. Naehrig, and . Stebila, Post-quantum key exchange for the TLS protocol from the ring learning with errors problem, 2015 IEEE Symposium on Security and Privacy, SP 2015, pp.553-570, 2015.

D. Bernstein, A subfield-logarithm attack against ideal lattices, pp.65-70, 2014.

D. Boneh and M. K. Franklin, Identity-based encryption from the Weil pairing, LNCS, vol.2139, issue.121, pp.213-229, 2001.
DOI : 10.1007/3-540-44647-8_13

URL : http://eprint.iacr.org/2001/090.ps.gz

D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, V. Nikolaenko et al., Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits, pp.533-556
DOI : 10.1007/978-3-642-55220-5_30

URL : http://dspace.mit.edu/bitstream/1721.1/90992/1/V_Fully%20key.pdf

[. Boldyreva, V. Goyal, and V. Kumar, Identity-based encryption with efficient revocation, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.417-426, 2008.
DOI : 10.1145/1455770.1455823

URL : http://www.cc.gatech.edu/~aboldyre/papers/bgk.pdf

S. Bai, A. Langlois, T. Lepoint, D. Stehlé, and R. Steinfeld, Improved security proofs in lattice-based cryptography: using the rényi divergence rather than the statistical distance, ASIACRYPT, vol.100, pp.33-98, 2015.

A. Brakerski, C. Langlois, O. Peikert, D. Regev, and . Stehlé, Classical hardness of learning with errors, Proceedings of the 45th annual ACM symposium on Symposium on theory of computing, STOC '13, pp.575-584
DOI : 10.1145/2488608.2488680

URL : https://hal.archives-ouvertes.fr/hal-00922194

M. [. Box and . Muller, A Note on the Generation of Random Normal Deviates, The Annals of Mathematical Statistics, vol.29, issue.2, pp.610-611
DOI : 10.1214/aoms/1177706645

X. Boyen, Identity-Based Signcryption, Dent and Zheng [DZ10], pp.195-216
DOI : 10.1007/978-3-540-89411-7_10

X. Boyen, Lattice Mixing and Vanishing Trapdoors: A Framework for Fully Secure Short Signatures and More, PKC 2010, pp.499-517, 2010.
DOI : 10.1007/978-3-642-13013-7_29

X. Boyen, Attribute-Based Functional Encryption on Lattices, LNCS, vol.7785, issue.97, pp.122-142, 2013.
DOI : 10.1007/978-3-642-36594-2_8

X. Boyen and B. Waters, Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles), LNCS, vol.4117, pp.290-307, 2006.
DOI : 10.1007/11818175_17

URL : https://link.springer.com/content/pdf/10.1007%2F11818175_17.pdf

[. Cachin, Entropy Measures and Unconditional Security in Cryptography, 1997.

J. Calvet, C. R. Davis, and P. Bureau, Malware authors don't learn, and that's good!, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), pp.88-97, 2009.
DOI : 10.1109/MALWARE.2009.5403013

R. Cramer, L. Ducas, C. Peikert, and O. Regev, Recovering Short Generators of Principal Ideals in Cyclotomic Rings, Cryptology ePrint Archive, pp.65-70, 2015.
DOI : 10.1007/978-3-662-49896-5_20

J. Calvet, J. M. Fernandez, and J. Marion, Aligot, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.169-182, 2012.
DOI : 10.1145/2382196.2382217

URL : https://hal.archives-ouvertes.fr/hal-00762924

[. Cash, D. Hofheinz, E. Kiltz, and C. Peikert, Bonsai trees, or how to delegate a lattice basis, Gilbert [Gil10], pp.523-552

J. Hee-cheon, K. Han, C. Lee, H. Ryu, and D. Stehlé, Cryptanalysis of the Multilinear Map over the Integers, Oswald and Fischlin [OF15], pp.3-12
DOI : 10.1007/978-3-662-46800-5_1

C. Chu, J. K. Liu, J. Zhou, F. Bao, and R. H. Deng, Practical IDbased encryption for wireless sensor network (short paper), ASIACCS 10, pp.337-340, 2010.

N. Donald-donglong-chen, F. Mentens, S. Vercauteren, R. C. Sinha-roy, D. Cheung et al., High-speed polynomial multiplication architecture for ringlwe and SHE cryptosystems, IEEE Trans. on Circuits and Systems, issue.1, pp.62-157, 2015.

Y. Chen and P. Q. Nguyen, BKZ 2.0: Better Lattice Security Estimates, Lee and Wang [LW11], pp.1-20
DOI : 10.1007/978-3-642-25385-0_1

URL : https://hal.archives-ouvertes.fr/hal-01109961

[. Cocks, An Identity Based Encryption Scheme Based on Quadratic Residues, Cryptography and Coding, 8th IMA International Conference, pp.360-363, 2001.
DOI : 10.1007/3-540-45325-3_32

J. Caballero, P. Poosankam, C. Kreibich, and D. X. Song, Dispatcher, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.621-634, 2009.
DOI : 10.1145/1653662.1653737

J. Camenisch and M. Stadler, Efficient group signature schemes for large groups (extended abstract), Kaliski Jr. [Kal97], pp.410-424

W. James, . Cooley, W. John, and . Tukey, An algorithm for the machine calculation of complex fourier series, Mathematics of computation, vol.19, issue.101, pp.297-301, 1965.

M. Thomas, J. Cover, and . Thomas, Elements of Information Theory, 1991.

[. Davis, Defective sign & encrypt in s/mime, pkcs#7, moss, pem, pgp, and XML, Proceedings of the General Track: 2001 USENIX Annual Technical Conference, pp.65-78, 2001.

. Dbg-+-15-]-Özgür-dagdelen, F. Bansarkhani, T. Göpfert, T. Güneysu, T. Oder et al., High-speed signatures from standard lattices, LATINCRYPT 2014, pp.84-103, 2015.

[. Ducas and A. Durmus, Ring-LWE in Polynomial Rings, Public Key Cryptography?PKC 2012, pp.34-51
DOI : 10.1007/978-3-642-30057-8_3

URL : https://hal.archives-ouvertes.fr/hal-01111627

[. Ducas, A. Durmus, T. Lepoint, and V. Lyubashevsky, Lattice Signatures and Bimodal Gaussians, Canetti and Garay [CG13], pp.40-56
DOI : 10.1007/978-3-642-40041-4_3

URL : https://hal.archives-ouvertes.fr/hal-00864298

C. Nagarjun, S. D. Dwarakanath, and . Galbraith, Sampling from discrete gaussians for latticebased cryptography on a constrained device, Appl. Algebra Eng. Commun. Comput, vol.25, issue.43, pp.159-180, 2014.

W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638

[. Ducas, V. Lyubashevsky, and T. Prest, Efficient Identity-Based Encryption over NTRU Lattices, ASIACRYPT 2014, pp.22-41, 2014.
DOI : 10.1007/978-3-662-45608-8_2

URL : https://hal.archives-ouvertes.fr/hal-01094814

N. Döttling and J. Müller-quade, Lossy Codes and a New Variant of the Learning-With-Errors Problem, Johansson and Nguyen [JN13], pp.18-34
DOI : 10.1007/978-3-642-38348-9_2

[. Ducas and P. Q. Nguyen, Faster Gaussian Lattice Sampling Using Lazy Floating-Point Arithmetic, Wang and Sako [WS12], pp.415-432
DOI : 10.1007/978-3-642-34961-4_26

URL : https://hal.archives-ouvertes.fr/hal-00864360

[. Ducas and P. Q. Nguyen, Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures, Wang and Sako [WS12], pp.433-450
DOI : 10.1007/978-3-642-34961-4_27

URL : https://hal.archives-ouvertes.fr/hal-00864359

J. Daemen and V. Rijmen, The Design of Rijndael, 2002.
DOI : 10.1007/978-3-662-04722-4

L. Ducas, Lattice Based Signatures: Attacks, Analysis and Optimization, p.4, 2013.

]. J. Dur60 and . Durbin, The fitting of time-series models. Revue de l'Institut International de Statistique / Review of the International Statistical Institute, pp.233-244, 1960.

J. Ding, X. Xie, and X. Lin, A simple provably secure key exchange scheme based on the learning with errors problem, Cryptology ePrint Archive, vol.688, 2012.

A. W. Dent and Y. Zheng, Practical Signcryption, pp.142-153, 2010.
DOI : 10.1007/978-3-540-89411-7

[. Even, O. Goldreich, and S. Micali, On-line/off-line digital schemes, CRYPTO'89, pp.263-275, 1990.

J. Graham, J. Hoffstein, J. H. Pipher, P. Silverman, and . Hirschhorn, IEEE p1363.1 draft 10: Draft standard for public key cryptographic techniques based on hard problems over lattices, Cryptology ePrint Archive Report, vol.361, p.361, 2008.

T. Elgamal, A public key cryptosystem and a signature scheme based on discrete logarithms, Blakley and Chaum [BC84], pp.10-18

P. Fouque, M. S. Lee, T. Lepoint, and M. Tibouchi, Cryptanalysis of the Co-ACD Assumption, Advances in Cryptology -CRYPTO 2015 -35th Annual Cryptology Conference Proceedings, Part I, pp.561-580, 2015.
DOI : 10.1007/978-3-662-47989-6_27

C. Fieker and D. Stehlé, Short Bases of Lattices over Number Fields, Algorithmic Number Theory, 9th International Symposium, ANTS-IX Proceedings, pp.157-173, 2010.
DOI : 10.1007/978-3-642-14518-6_15

URL : https://hal.archives-ouvertes.fr/hal-00546895

A. Fujioka, K. Suzuki, K. Xagawa, and K. Yoneyama, Practical and postquantum authenticated key exchange from one-way secure key encapsulation mechanism, ASIACCS 13, pp.83-94, 2013.
DOI : 10.1145/2484313.2484323

A. Guinet, C. Aguilar, S. Guelton, and T. Lepoint, Quatre millions d'échanges de clés par seconde, SSTIC 2015, p.122, 2015.

D. Steven and . Galbraith, Mathematics of Public Key Cryptography, p.24, 2012.

T. Gfs-+-12-]-norman-göttert, M. Feller, J. Schneider, S. A. Buchmann, and . Huss, On the design of hardware building blocks for modern lattice-based encryption schemes, Prouff and Schaumont [PS12b], pp.512-529

O. Goldreich, S. Goldwasser, and S. Halevi, Public-key cryptosystems from lattice reduction problems, Kaliski Jr. [Kal97], pp.112-131
DOI : 10.1007/BFb0052231

URL : http://www.lcs.mit.edu/publications/pubs/pdf/MIT-LCS-TR-703.pdf

[. Garg, C. Gentry, and S. Halevi, Candidate Multilinear Maps from Ideal Lattices, Johansson and Nguyen [JN13], pp.1-17
DOI : 10.1007/978-3-642-38348-9_1

URL : http://eprint.iacr.org/2012/610.pdf

[. Gama, N. Howgrave-graham, and P. Q. Nguyen, Symplectic Lattice Reduction and NTRU, Vaudenay [Vau06], pp.233-253
DOI : 10.1016/0022-314X(87)90088-6

[. Gentry, J. Jonsson, J. Stern, and M. Szydlo, Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt, LNCS, vol.2248, pp.1-20, 2001.

[. Güneysu, V. Lyubashevsky, and T. Pöppelmann, Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems, Prouff and Schaumont [PS12b], pp.530-547
DOI : 10.1007/978-3-642-33027-8_31

N. Gama and P. Q. Nguyen, Predicting Lattice Reduction, LNCS, vol.4965, issue.122, pp.31-51, 2008.
DOI : 10.1007/978-3-540-78967-3_3

O. Goldreich, Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme, LNCS, vol.263, issue.86, pp.104-110, 1987.
DOI : 10.1007/3-540-47721-7_8

[. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, Proceedings of the fourtieth annual ACM symposium on Theory of computing, STOC 08, pp.197-206, 2008.
DOI : 10.1145/1374376.1374407

URL : http://eprint.iacr.org/2007/432.pdf

B. William and . Gragg, Positive definite toeplitz matrices, the arnoldi process for isometric operators, and gaussian quadrature on the unit circle, Journal of Computational and Applied Mathematics, vol.46, issue.12, pp.183-198, 1993.

[. Galindo, R. Roman, and J. Lopez, A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks, CANS 08, pp.120-132, 2008.
DOI : 10.1007/s00145-004-0313-x

W. Morven-gentleman and G. Sande, Fast Fourier Transforms, Proceedings of the November 7-10, 1966, fall joint computer conference on XX, AFIPS '66 (Fall), pp.563-578, 1966.
DOI : 10.1145/1464291.1464352

C. Gentry and M. Szydlo, Cryptanalysis of the Revised NTRU Signature Scheme, Knudsen [Knu02], pp.299-320
DOI : 10.1007/3-540-46035-7_20

A. Guillevic, Arithmetic of pairings on algebraic curves for cryptography. Theses, 2013.
URL : https://hal.archives-ouvertes.fr/tel-00921940

[. Gorbunov, V. Vaikuntanathan, and H. Wee, Attribute-based encryption for circuits, Boneh et al. [BRF13], pp.545-554

[. Gröbert, C. Willems, and T. Holz, Automated Identification of Cryptographic Primitives in Binary Programs, Recent Advances in Intrusion Detection -14th International Symposium, RAID 2011 Proceedings, pp.41-60, 2011.
DOI : 10.1109/SECPRI.1996.502676

[. Howgrave-graham, J. Hoffstein, J. Pipher, and W. Whyte, On estimating the lattice security of NTRU, Cryptology ePrint Archive Report, vol.104104, 2005.

J. Hoffstein, N. Howgrave-graham, J. Pipher, J. H. Silverman, and W. Whyte, NTRUSign: Digital Signatures Using the NTRU Lattice, LNCS, vol.2612, issue.84, pp.122-140, 2003.
DOI : 10.1007/3-540-36563-X_9

N. J. Higham, Accuracy and Stability of Numerical Algorithms, Society for Industrial and Applied Mathematics, pp.44-58, 2002.
DOI : 10.1137/1.9780898718027

K. Hill, Blueprints of NSA's ridiculously expensive data center in utah suggest it holds less info than thought. http://www.forbes.com/sites/kashmirhill/2013/07/24/blueprin ts-of-nsa-data-center-in-utah-suggest-its-storage-capacity-is-less-impre ssive-than-thought, 2013.

T. Michael, . Heideman, H. Don, C. Johnson, and . Burrus, Gauss and the history of the fast fourier transform, ASSP Magazine IEEE, vol.1, issue.4, pp.14-21, 1984.

J. Hoffstein, J. Pipher, and J. H. Silverman, NTRU: A ring-based public key cryptosystem ANTS-III, Algorithmic Number Theory, Third International Symposium Proceedings, pp.267-288, 1998.

J. Hoffstein, J. Pipher, and J. H. Silverman, NSS: An NTRU Lattice-Based Signature Scheme, LNCS, vol.2045, pp.211-228, 2001.
DOI : 10.1007/3-540-44987-6_14

R. Kannan, Minkowski's Convex Body Theorem and Integer Programming, Mathematics of Operations Research, vol.12, issue.3, pp.415-440, 1987.
DOI : 10.1287/moor.12.3.415

URL : http://repository.cmu.edu/cgi/viewcontent.cgi?article=2568&context=compsci

F. Charles and . Karney, Sampling exactly from the normal distribution. arXiv preprint arXiv:1303, 2013.

N. Philip and . Klein, Finding the closest lattice vector when it's unusually close, SODA, pp.937-941, 2000.

E. Kiltz and G. Neven, Identity-based signatures, 2009.

N. Koblitz, Hyperelliptic cryptosystems, Journal of Cryptology, vol.2, issue.4, pp.139-150, 1989.
DOI : 10.2140/pjm.1988.131.157

[. Wilhoit, Your locker of information for cryptolocker decryption, 2014.

A. [. Kamal and . Youssef, An FPGA implementation of the NTRUEncrypt cryptosystem, 2009 International Conference on Microelectronics, ICM, pp.209-212, 2009.
DOI : 10.1109/ICM.2009.5418649

T. Kitagawa, P. Yang, G. Hanaoka, R. Zhang, H. Watanabe et al., Generic Transforms to Acquire CCA-Security for Identity Based Encryption: The Cases of FOpkc and REACT, Information Security and Privacy, 11th Australasian Conference Proceedings, pp.348-359, 2006.
DOI : 10.1007/11780656_29

C. Lanczos, An iterative method for the solution of the eigenvalue problem of linear differential and integral, 1950.

A. Langlois, Lattice -Based Cryptography -Security Foundations and Constructions. Theses, Ecole normale supérieure de lyon -ENS LYON, 2014.
URL : https://hal.archives-ouvertes.fr/tel-01126931

K. Arjen and . Lenstra, Lattices and factorization of polynomials over algebraic number fields Computer Algebra, EUROCAM '82, European Computer Algebra Conference, Proceedings, pp.32-39, 1982.

T. Lepoint, Design and Implementation of Lattice-Based Cryptography, p.4, 2014.
URL : https://hal.archives-ouvertes.fr/tel-01069864

N. Levinson, The Wiener RMS (Root Mean Square) Error Criterion in Filter Design and Prediction, J. Math. Phys. Mass. Inst. Tech, vol.25, issue.48, pp.261-278, 1947.
DOI : 10.1007/978-1-4612-5335-8_16

M. Marc-Étienne and . Léveillé, Torrentlocker -ransomware in a country near you, 2014.

H. [. Lenstra, L. Lenstra, and . Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, vol.32, issue.4, pp.515-534, 1982.
DOI : 10.1007/BF01457454

URL : http://www.busim.ee.boun.edu.tr/~mihcak/teaching/ee684-spring07/proposed-project-papers/hard-problems/lattice-problems/lenstra.pdf

Y. Liu, V. Lyubashevsky, and D. Micciancio, On Bounded Distance Decoding for General Lattices, APPROX-RANDOM, pp.450-461, 2006.
DOI : 10.1007/11830924_41

[. Lyubashevsky and D. Micciancio, Generalized Compact Knapsacks Are Collision Resistant, Part II LNCS, vol.4052, issue.7, pp.144-155, 2006.
DOI : 10.1007/11787006_13

[. Lyubashevsky, D. Micciancio, C. Peikert, and A. Rosen, SWIFFT: A Modest Proposal for FFT Hashing, LNCS, vol.5086, pp.54-72, 2008.
DOI : 10.1007/978-3-540-71039-4_4

[. Leder, P. Martini, and A. Wichmann, Finding and extracting crypto routines from malware, 2009 IEEE 28th International Performance Computing and Communications Conference, pp.14-16, 2009.
DOI : 10.1109/PCCC.2009.5403858

URL : http://net.cs.uni-bonn.de/fileadmin/user_upload/leder/ipccc1569262248.pdf

[. Lyubashevsky and T. Prest, Quadratic Time, Linear Space Algorithms for Gram-Schmidt Orthogonalization and Gaussian Sampling in Structured Lattices, Oswald and Fischlin [OF15], pp.789-815
DOI : 10.1007/978-3-662-46800-5_30

URL : https://hal.archives-ouvertes.fr/hal-01235176

[. Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings, Gilbert [Gil10], pp.1-23

[. Lyubashevsky, C. Peikert, and O. Regev, On ideal lattices and learning with errors over rings Preliminary version appeared in EUROCRYPT 2010, J. ACM, vol.60, issue.124, pp.43-76, 2013.

[. Lyubashevsky, Chris Peikert, and Oded Regev. A toolkit for ring-LWE cryptography, Johansson and Nguyen [JN13], pp.35-54

S. Ling, D. Hieu-phan, D. Stehlé, and R. Steinfeld, Hardness of k-LWE and applications in traitor tracing, CRYPTO 2014, pp.315-334, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01091300

[. Luzzi, D. Stehlé, and C. Ling, Decoding by Embedding: Correct Decoding Radius and DMT Optimality, IEEE Transactions on Information Theory, vol.59, issue.5, pp.2960-2973, 2013.
DOI : 10.1109/TIT.2012.2236144

URL : https://hal.archives-ouvertes.fr/hal-00648134

Z. Liu, H. Seo, S. Sinha-roy, J. Großschädl, H. Kim et al., Efficient Ring-LWE Encryption on 8-Bit AVR Processors, Cryptographic Hardware and Embedded Systems -CHES 2015 -17th International Workshop Proceedings, pp.663-682, 2015.
DOI : 10.1007/978-3-662-48324-4_33

URL : http://eprint.iacr.org/2015/410.pdf

A. Langlois, D. Stehlé, and R. Steinfeld, GGHLite: More Efficient Multilinear Maps from Ideal Lattices, pp.239-256
DOI : 10.1007/978-3-642-55220-5_14

URL : https://hal.archives-ouvertes.fr/hal-00983179

A. López-alt, E. Tromer, and V. Vaikuntanathan, On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption, Proceedings of the 44th symposium on Theory of Computing, STOC '12, pp.1219-1234, 2012.
DOI : 10.1145/2213977.2214086

[. Laarhoven, J. Van-de-pol, and . Benne-de-weger, Solving hard lattice problems and the security of lattice-based cryptosystems. Cryptology ePrint Archive, 2012.

[. Lyubashevsky, Towards Practical Lattice-Based Cryptography, 2008.

[. Lyubashevsky, Lattice-based encryption

V. Lyubashevsky, Lattice Signatures without Trapdoors, Pointcheval and Johansson [PJ12], pp.738-755
DOI : 10.1007/978-3-642-29011-4_43

URL : https://hal.archives-ouvertes.fr/hal-00864308

T. [. Marsaglia and . Bray, A Convenient Method for Generating Normal Variables, SIAM Review, vol.6, issue.3, pp.260-264, 1964.
DOI : 10.1137/1006063

D. Micciancio and S. Goldwasser, Complexity of Lattice Problems: a cryptographic perspective , volume 671 of The Kluwer International Series in Engineering and Computer Science, pp.23-26, 2002.
DOI : 10.1007/978-1-4615-0897-7

S. Victor and . Miller, Use of elliptic curves in cryptography, LNCS, vol.85, issue.218, pp.417-426, 1986.

J. Morris, Cracking the encrypted c&c protocol of the zeroaccess botnet, p.145, 2012.

D. Micciancio and C. Peikert, Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, Pointcheval and Johansson [PJ12], pp.700-718
DOI : 10.1007/978-3-642-29011-4_41

URL : http://www.cc.gatech.edu/~cpeikert/pubs/efftrap.pdf

D. Micciancio and C. Peikert, Hardness of SIS and LWE with Small Parameters, Canetti and Garay [CG13], pp.21-39
DOI : 10.1007/978-3-642-40041-4_2

D. Micciancio and O. Regev, Worst-case to average-case reductions based on Gaussian measures, 45th FOCS, pp.372-381, 2004.

D. Micciancio and O. Regev, Worst???Case to Average???Case Reductions Based on Gaussian Measures, SIAM Journal on Computing, vol.37, issue.1, pp.267-302, 2007.
DOI : 10.1137/S0097539705447360

G. Marsaglia and W. W. Tsang, The Ziggurat Method for Generating Random Variables, Journal of Statistical Software, vol.5, issue.8, 2000.
DOI : 10.18637/jss.v005.i08

Q. Phong, O. Nguyen, and . Regev, Learning a parallelepiped: Cryptanalysis of GGH and NTRU signatures, Vaudenay [Vau06], pp.271-288

J. Henri and . Nussbaumer, Fast Fourier transform and convolution algorithms, p.97, 2012.

Q. Phong, B. Nguyen, and . Vallée, The LLL Algorithm -Survey and Applications. Information Security and Cryptography, pp.16-163, 2010.

L. B. Oliveira, D. F. Aranha, C. Porto-lopes-gouvêa, M. Scott, D. F. Câmara et al., TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks, Computer Communications, vol.34, issue.3, pp.485-493, 2011.
DOI : 10.1016/j.comcom.2010.05.013

L. B. Oliveira, D. F. Aranha, E. Morais, F. Daguano, J. López et al., TinyTate: Computing the Tate Pairing in Resource-Constrained Sensor Nodes, Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), pp.12-14, 2007.
DOI : 10.1109/NCA.2007.48

L. B. Oliveira, R. Dahab, J. Lopez, F. Daguano, and A. A. Loureiro, Identity-Based Encryption for Sensor Networks, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07), pp.290-294, 2007.
DOI : 10.1109/PERCOMW.2007.56

[. Pöppelmann, L. Ducas, and T. Güneysu, Enhanced Lattice-Based Signatures on Reconfigurable Hardware, Batina and Robshaw [BR14], pp.353-370
DOI : 10.1007/978-3-662-44709-3_20

C. Peikert, An Efficient and Parallel Gaussian Sampler for Lattices, Rabin [Rab10], pp.80-97
DOI : 10.1007/978-3-642-14623-7_5

URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-14623-7_5.pdf

C. Peikert, Lattice Cryptography for the Internet, Post-Quantum Cryptography -6th International Workshop, pp.197-219, 2014.
DOI : 10.1007/978-3-319-11659-4_12

T. Pöppelmann and T. Güneysu, Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware, Hevia and Neven [HN12], pp.139-158
DOI : 10.1007/978-3-642-33481-8_8

T. Pöppelmann and T. Güneysu, Area optimization of lightweight lattice-based encryption on reconfigurable hardware, 2014 IEEE International Symposium on Circuits and Systems (ISCAS), pp.2796-2799, 2014.
DOI : 10.1109/ISCAS.2014.6865754

T. Pöppelmann and T. Güneysu, Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware, Lange et al. [LLL14], pp.68-85
DOI : 10.1007/978-3-662-43414-7_4

[. Pöppelmann, T. Oder, and T. Güneysu, High-Performance Ideal Lattice-Based Cryptography on 8-Bit ATxmega Microcontrollers, Progress in Cryptology -LATINCRYPT 2015 -4th International Conference on Cryptology and Information Security in Latin America Proceedings, pp.346-365, 2015.
DOI : 10.1007/978-3-319-22174-8_19

C. Peikert and A. Rosen, Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices, LNCS, vol.3876, issue.7, pp.145-166, 2006.
DOI : 10.1007/11681878_8

G. Kenneth, S. Paterson, and . Srinivasan, On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups. Cryptology ePrint Archive, Report, vol.453453, pp.140-146, 2007.

G. Kenneth, S. Paterson, and . Srinivasan, On the relations between non-interactive key distribution, identity-based encryption and trapdoor discrete log groups, Des. Codes Cryptography, vol.52, issue.2, pp.219-241, 2009.

[. Patil and S. A. Szygenda, Security for Wireless Sensor Networks Using Identity-Based Cryptography

H. [. Porras, V. Sadi, and . Yegneswaran, A Multi-perspective Analysis of the Storm (Peacomm) Worm. ? Cited on, p.145

O. Michael and . Rabin, Digital signatures and public key functions as intractable as factorization, 1979.

C. Rossow and C. J. Dietrich, ProVeX: Detecting Botnets with Encrypted Command and Control Channels, Detection of Intrusions and Malware, and Vulnerability Assessment -10th International Conference Proceedings, pp.21-40, 2013.
DOI : 10.1007/978-3-642-39235-1_2

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, 37th ACM STOC, pp.84-93, 2005.

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, J. ACM, vol.56, issue.6, 2009.

[. Rich and B. Gellman, NSA seeks to build quantum computer that could crack most types of encryption. https://www.washingtonpost.com/world/national-security/ns a-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encrypt ion, pp.8-297, 2014.

M. Rückert and M. Schneider, Estimating the security of lattice-based cryptosystems. Cryptology ePrint Archive, Report, vol.137, 2010.

R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol.21, issue.2, pp.120-126, 1978.
DOI : 10.1145/359340.359342

F. Sujoy-sinha-roy, N. Vercauteren, D. D. Mentens, I. Chen, and . Verbauwhede, Compact ring-LWE cryptoprocessor, Batina and Robshaw [BR14], pp.371-391

F. Sujoy-sinha-roy, I. Vercauteren, and . Verbauwhede, High Precision Discrete Gaussian Sampling on FPGAs, pp.383-401
DOI : 10.1007/978-3-662-43414-7_19

J. Moheeb-abu-rajab, F. Zarfoss, A. Monrose, and . Terzis, A multifaceted approach to understanding the botnet phenomenon, Proceedings of the 6th ACM SIGCOMM on Internet measurement , IMC '06, pp.41-52, 2006.
DOI : 10.1145/1177080.1177086

P. Szczechowiak and M. Collier, TinyIBE: Identity-based encryption for heterogeneous sensor networks, 2009 International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pp.319-354, 2009.
DOI : 10.1109/ISSNIP.2009.5416743

C. James and . Schatzman, Accuracy of the discrete fourier transform and the fast fourier transform

[. Schick, Ophionlocker ransomware uses advanced encryption to hold data hostage, 2014. https://securityintelligence.com/news/ophionlocker-ransomware-uses-a dvanced-encryption-to-hold-data-hostage

[. Schnorr and M. Euchner, Lattice basis reduction: Improved practical algorithms and solving subset sum problems, Mathematical Programming, vol.13, issue.1, pp.181-199, 1994.
DOI : 10.1007/BF01581144

. Sec-]-voltage and . Security, The identity-based encryption advantage -a proven standard for protecting information . https://www.voltage.com/resource/the-identity-based-encryption-a dvantage-a-proven-standard-for-protecting-information

A. Shamir, Identity-Based Cryptosystems and Signature Schemes, Blakley and Chaum [BC84], pp.47-53
DOI : 10.1007/3-540-39568-7_5

URL : https://link.springer.com/content/pdf/10.1007%2F3-540-39568-7_5.pdf

W. Peter and . Shor, Algorithms for quantum computation: Discrete logarithms and factoring, 35th FOCS, pp.124-134, 1994.

R. Sakai, K. Ohgishi, and M. Kasahara, Cryptosystems based on pairing, SCIS, pp.119-142, 2000.

T. Spies, Identity based encryption, p.143, 2004.

D. Stehlé and R. Steinfeld, Making NTRU as Secure as Worst-Case Problems over Ideal Lattices, LNCS, vol.6632, issue.127, pp.27-47, 2011.
DOI : 10.1007/978-3-642-20465-4_4

S. C. Sérgio, R. M. Silva, R. C. Silva, R. M. Pinto, and . Salles, Botnets: A survey, Computer Networks, vol.57, issue.2, pp.378-403, 2013.

[. Stehlé, R. Steinfeld, K. Tanaka, and K. Xagawa, Efficient Public Key Encryption Based on Ideal Lattices, LNCS, vol.5912, issue.7, pp.617-635, 2009.
DOI : 10.1007/978-3-642-10366-7_36

]. G. Ste98 and . Stewart, Matrix Algorithms, Basic Decompositions. Society for Industrial Mathematics, vol.1, 1998.

D. Stehlé, Floating-Point LLL: Theoretical and Practical Aspects, Nguyen and Vallée [NV10], pp.179-213
DOI : 10.1007/978-3-642-02295-1_5

[. Stephens-davidowitz, Discrete Gaussian Sampling Reduces to CVP and SVP, Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp.3-28, 2015.
DOI : 10.1137/1.9781611974331.ch121

]. D. Swe84 and . Sweet, Fast toeplitz orthogonalization, Numerische Mathematik, vol.43, pp.1-21, 1984.

A. B. Tsybakov, Introduction to Nonparametric Estimation, 2008.
DOI : 10.1007/b13794

R. Vershynin, Introduction to the non-asymptotic analysis of random matrices. arXiv preprint arXiv:1011, 2010.

A. Wan, Learning, Cryptography, and the Average Case, p.16, 2010.

J. David, R. M. Wheeler, and . Needham, TEA, a tiny encryption algorithm, LNCS, vol.1008, issue.94, pp.363-366, 1995.

[. Xiong, D. S. Wong, and X. Deng, TinyPairing: A Fast and Lightweight Pairing-Based Cryptographic Library for Wireless Sensor Networks, 2010 IEEE Wireless Communication and Networking Conference, pp.1-6, 2010.
DOI : 10.1109/WCNC.2010.5506580

P. Yang, T. Kitagawa, G. Hanaoka, R. Zhang, K. Matsuura et al., Applying Fujisaki-Okamoto to Identity-Based Encryption, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 16th International Symposium, AAECC-16 Proceedings, pp.183-192, 2006.
DOI : 10.1007/11617983_18

Y. Geng, C. , R. Christian, V. Jiang-tao, W. et al., Identity-based key agreement and encryption for wireless sensor networks. The Journal of China Universities of Posts and Telecommunications, pp.54-60, 2006.

[. Yu, Direct Online/Offline Digital Signature Schemes, 2008.

L. Adam, M. Young, and . Yung, Cryptovirology: Extortion-based security threats and countermeasures, IEEE Symposium on Security and Privacy, pp.129-140, 1996.

]. V. Zak10 and . Zakorzhevsky, A new version of sality at large, 2010.